Google: apparent Russian hackers play copycat to commercial spyware vendors | CyberScoop<\/title> <meta name=\"description\" content=\"The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/apt29-spyware-google-threat-analysis-group\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Google: apparent Russian hackers play copycat to commercial spyware vendors\"> <meta property=\"og:description\" content=\"The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/apt29-spyware-google-threat-analysis-group\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-08-29T13:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-08-28T21:36:46+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1724181137g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81567\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81567\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fapt29-spyware-google-threat-analysis-group%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fapt29-spyware-google-threat-analysis-group%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81567 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/apt29-spyware-google-threat-analysis-group\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.335774058577\">\n<div class=\"single-article__header-content\" readability=\"29.892376681614\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Mongolian guards stand guard in front of the Genghis Khan statue at the Government Palace in Ulaanbaatar on May 21, 2023. The hackers allegedly conducted watering hole attacks on Mongolian government websites.(Photo by LUDOVIC MARIN\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"26.915325077399\"><body readability=\"55.86281460475\"><\/p>\n<p>When experts on spyware outline the dangers of that snooping technology, they often note how vendors can put tools in the hands of their customers that are nearly as sophisticated as the capabilities of the most advanced cyber nations in the world.<\/p>\n<p>Now, researchers have turned up a case where a likely Russian government-backed hacking crew has apparently embraced exploits first used by commercial spyware vendors (CSVs).<\/p>\n<p>Google\u2019s Threat Analysis Group published <a href=\"https:\/\/blog.google\/threat-analysis-group\/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits\/\">a blog post<\/a> Thursday that details recent watering hole attacks, during which hackers infect a website to target its users, in this case Mongolian government websites. The report assesses with \u201cmoderate confidence\u201d that the campaigns were the handiwork of APT29, a group that\u2019s been linked to Russia\u2019s Foreign Intelligence Service and that is sometimes also referred to as Cozy Bear or Midnight Blizzard. <\/p>\n<p>Google stated that the hackers used \u201cn-day\u201d exploits, or vulnerabilities that are publicly known but not yet patched. In this case, the former 0-day \u2014 or previously unknown \u2014 exploits were used by major commercial spyware producers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIn each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits from CSVs, Intellexa and NSO Group,\u201d the report states. \u201cWe do not know how the attackers acquired these exploits. What is clear is that APT actors are using n-day exploits that were originally used as 0-days by CSVs.\u201d<\/p>\n<p>The campaigns occurred from November of last year to this July.<\/p>\n<p>The last year-plus has brought a wave of government action to crack down on spyware abuses, from the United States\u2019 <a href=\"https:\/\/cyberscoop.com\/white-house-spyware-executive-order\/\">executive order<\/a>, to the publication of <a href=\"https:\/\/www.washingtonpost.com\/politics\/2023\/05\/09\/european-committee-investigating-spyware-abuses-advances-long-awaited-report\/\">a European Union report<\/a>, to <a href=\"https:\/\/cyberscoop.com\/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet\/\">Poland\u2019s groundbreaking reckoning<\/a> with its own spyware past. While there are signs <a href=\"https:\/\/cyberscoop.com\/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet\/\">the pressure is having an impact<\/a>, Google\u2019s report is evidence of the ongoing sophistication of commercial spyware vendors.<\/p>\n<p>Some experts suggest that leading cyber nations like Russia <a href=\"https:\/\/www.washingtonpost.com\/technology\/2023\/09\/13\/pegasus-infection-meduza-founder\/\">have little need<\/a> to buy commercial spyware technology. But it does offer less technologically advanced countries user-friendly and effective surveillance tools they couldn\u2019t otherwise develop themselves. <\/p>\n<p>This wouldn\u2019t be the first time that commercial spyware companies have outpaced nations themselves, with Google <a href=\"https:\/\/cyberscoop.com\/spyware-zero-days-2023\/\">revealing in March<\/a> that these vendors last year accounted for the majority of known exploited mobile and browser 0-day vulnerabilities.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Its Thursday report highlights the ongoing threat spyware vendors can pose.<\/p>\n<p>\u201cWhile we are uncertain how suspected APT29 actors acquired these exploits, our research underscores the extent to which exploits first developed by the commercial surveillance industry are proliferated to dangerous threat actors,\u201d the report states.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/apt29-spyware-google-threat-analysis-group\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google: apparent Russian hackers play copycat to commercial spyware vendors<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1808,1732,970,1599,302,387,117,1629,2537,2538,1469,2048,268,270,482,288,1170],"tags":[1811,1734,972,1601,306,391,119,1632,2539,2540,1471,2053,274,276,484,294,1171],"class_list":["post-5071","post","type-post","status-publish","format-standard","hentry","category-apt29","category-cozy-bear","category-european-union","category-executive-order","category-geopolitics","category-google","category-government","category-intellexa","category-mongolia","category-n-day","category-nso-group","category-poland","category-privacy","category-russia","category-spyware","category-threats","category-zero-days","tag-apt29","tag-cozy-bear","tag-european-union","tag-executive-order","tag-geopolitics","tag-google","tag-government","tag-intellexa","tag-mongolia","tag-n-day","tag-nso-group","tag-poland","tag-privacy","tag-russia","tag-spyware","tag-threats","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt29\/\" rel=\"category tag\">APT29<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cozy-bear\/\" rel=\"category tag\">Cozy Bear<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/european-union\/\" rel=\"category tag\">European Union<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/executive-order\/\" rel=\"category tag\">Executive order<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/intellexa\/\" rel=\"category tag\">Intellexa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mongolia\/\" rel=\"category tag\">Mongolia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/n-day\/\" rel=\"category tag\">n-day<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nso-group\/\" rel=\"category tag\">NSO Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/poland\/\" rel=\"category tag\">Poland<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5071"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5071\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5071,"date":"2024-08-29T08:00:00","date_gmt":"2024-08-29T13:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81567"},"modified":"2024-08-29T08:00:00","modified_gmt":"2024-08-29T13:00:00","slug":"google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/29\/google-apparent-russian-hackers-play-copycat-to-commercial-spyware-vendors\/","title":{"rendered":"Google: apparent Russian hackers play copycat to commercial spyware vendors"},"content":{"rendered":"